Yikes! Appears to possibly be a hijacking/compromised account issue. Although I’m familiar with session hijacking from an IT perspective, without technical data from the server logs (which I know can’t be shared) I can’t comment further.
I would recommend perhaps temporarily disabling wiki requests (i.e. remove “requestwiki” from the “user” group on Meta) and add a sitenotice to that effect.